Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

Published byNoreen Higgins Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007."— Presentation transcript:

1 1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007

2 2 CPU, RAM TPM, Chipset CPU, RAM TPM, Chipset Trusted Computing Base (TCB) DMA Devices (Network, Disk, USB, etc.) OS App S S 1 … DMA Devices (Network, Disk, USB, etc.) OS App 1 … S S Shim

3 3 Contributions Isolate security-sensitive code execution from all other code and devices Attest to security-sensitive code and its arguments and nothing else Convince a remote party that security- sensitive code was protected Add < 250 LoC to the software TCB Shim S S Software TCB < 250 LoC

4 4 TPM Background The Trusted Platform Module (TPM) is a dedicated security chip It can provide an attestation to remote parties –Platform Configuration Registers (PCRs) summarize the computer’s software state –TPM provides a signature over PCR values TPM spec v1.2 includes dynamic PCRs –Values can be reset without a reboot

5 5 Late Launch Background Supported by new commodity CPUs –SVM for AMD –TXT (formerly LaGrande) for Intel Designed to launch a VMM without a reboot –Hardware-based protections ensure launch integrity New CPU instruction (SKINIT/SENTER) accepts a memory region as input and atomically: –Resets dynamic PCRs –Disables interrupts –Extends a measurement of the region into PCR 17 –Begins executing at the start of the memory region

6 6 Adversary Capabilities Run arbitrary code with maximum privileges Subvert any DMA- enabled device –E.g., network cards, USB devices, hard drives Perform limited hardware attacks –E.g., power cycle the machine –Excludes physically monitoring/modifying CPU- to-RAM communication CPU, RAM TPM, Chipset DMA Devices (Network, Disk, USB, etc.) OS App 1 … Shim S S

7 7 Architecture Overview Core technique –Pause current execution environment –Execute security-sensitive code with hardware- enforced isolation –Resume previous execution Extensions –Preserve state securely across invocations –Attest only to code execution and protection –Establish secure communication with remote parties

8 8 Execution Flow TPM PCRs: K -1 729 … 000 CPU OS App Shim S S Module RAM OS App Module SKINIT Reset Inputs Outputs Module 0h0 0H00 Shim S S 000

9 9 TPM PCRs: 0 K -1 … TPM PCRs: K -1 … 000 Shim S S Inputs Outputs Attestation

10 10 TPM PCRs: K -1 … 000 Shim S S Inputs Outputs Attestation What code are you running? Shim S S Inputs Outputs Sign (), K -1 Sign ), K -1 … OS App S S 5 App 5 App 4 App 4 App 3 App 3 App 2 App 2 App 1 App 1 ( Versus

11 11 Potential Applications Server applications –Password authentication, SSL keys, Certificate Authority (CA), etc. Verifiable distributed computing –SETI@Home, Folding@Home, distcc, etc. Client-side applications –Secure password entry

12 12 Ongoing Work Extracting security-sensitive code from existing applications Containing malicious or malfunctioning security-sensitive code Coping with slow security-sensitive code Creating a trusted path to the user

13 13 Related Work Secure coprocessors –Dyad [Yee 1994], IBM 4758 [JiSmiMi 2001] System-wide attestation –Secure Boot [ArFaSm 1997], IMA [SaZhJaDo 2004], Enforcer [MaSmWiStBa 2004] VMM-based isolation –BIND [ShPeDo2005], AppCores [SiPuHaHe 2006], Trustworthy Kiosks [GaCáBeSaDoZh 2006], Proxos [TaLiLi 2006]

14 14 Conclusions Explore how far an application’s TCB can be minimized Isolate security-sensitive code execution Provide fine-grained attestations Allow application writers to focus on the security of their own code

15 15 Thank you! parno@cmu.edu

Download ppt "1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Content Overview Virtual Disk Port to Intel platform

Content Overview Virtual Disk Port to Intel platform
1 Flicker: Minimal TCB Code Execution Jonathan M. McCune Carnegie Mellon University March 27, 2008 Bryan Parno, Arvind Seshadri Adrian Perrig, Michael.

1 Flicker: Minimal TCB Code Execution Jonathan M. McCune Carnegie Mellon University March 27, 2008 Bryan Parno, Arvind Seshadri Adrian Perrig, Michael.
Vpn-info.com.

Vpn-info.com.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
1 Privacy Enhancing Technologies Elaine Shi Lecture 5 Trusted Computing.

1 Privacy Enhancing Technologies Elaine Shi Lecture 5 Trusted Computing.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University.

A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University.
Analysis of Remote Attestation Lavina Jain, Jayesh Vyas.

Analysis of Remote Attestation Lavina Jain, Jayesh Vyas.
Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.

Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.

Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
Dongyan Wang GlobalPlatform Technical Program Manager

Dongyan Wang GlobalPlatform Technical Program Manager
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Similar presentations

Ads by Google